proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-07-15 17:47:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
618d112b74
pve-access-control/PVE/CLI/pveum.pm
Thomas Lamprecht 618d112b74 pveum: add 'tfa delete' subcommand for deleting user-TFA 
Allows a user to straight forward delete TFS over CLI, easier as
telling them to edit some config files, and the API is already there.

Short circuit most params of that API call to undef, as they do not
make sense to expose.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-03 16:40:05 +02:00

182 lines
6.1 KiB
Perl
Executable File
Raw Blame History

package PVE::CLI::pveum;
use strict;
use warnings;
use PVE::AccessControl;
use PVE::RPCEnvironment;
use PVE::API2::User;
use PVE::API2::Group;
use PVE::API2::Role;
use PVE::API2::ACL;
use PVE::API2::AccessControl;
use PVE::API2::Domains;
use PVE::CLIFormatter;
use PVE::CLIHandler;
use PVE::JSONSchema qw(get_standard_option);
use PVE::PTY;
use PVE::RESTHandler;
use PVE::Tools qw(extract_param);
use base qw(PVE::CLIHandler);
sub setup_environment {
PVE::RPCEnvironment->setup_default_cli_env();
}
sub param_mapping {
my ($name) = @_;
my $mapping = {
'change_password' => [
PVE::CLIHandler::get_standard_mapping('pve-password'),
],
'create_ticket' => [
PVE::CLIHandler::get_standard_mapping('pve-password', {
func => sub {
# do not accept values given on cmdline
return PVE::PTY::read_password('Enter password: ');
},
}),
]
};
return $mapping->{$name};
}
my $print_api_result = sub {
my ($data, $schema, $options) = @_;
PVE::CLIFormatter::print_api_result($data, $schema, undef, $options);
};
my $print_perm_result = sub {
my ($data, $schema, $options) = @_;
if (!defined($options->{'output-format'}) || $options->{'output-format'} eq 'text') {
my $table_schema = {
type => 'array',
items => {
type => 'object',
properties => {
'path' => { type => 'string', title => 'ACL path' },
'permissions' => { type => 'string', title => 'Permissions' },
},
},
};
my $table_data = [];
foreach my $path (sort keys %$data) {
my $value = '';
my $curr = $data->{$path};
foreach my $perm (sort keys %$curr) {
$value .= "\n" if $value;
$value .= $perm;
$value .= " (*)" if $curr->{$perm};
}
push @$table_data, { path => $path, permissions => $value };
}
PVE::CLIFormatter::print_api_result($table_data, $table_schema, undef, $options);
print "Permissions marked with '(*)' have the 'propagate' flag set.\n";
} else {
PVE::CLIFormatter::print_api_result($data, $schema, undef, $options);
}
};
__PACKAGE__->register_method({
name => 'token_permissions',
path => 'token_permissions',
method => 'GET',
description => 'Retrieve effective permissions of given token.',
parameters => {
additionalProperties => 0,
properties => {
userid => get_standard_option('userid'),
tokenid => get_standard_option('token-subid'),
path => get_standard_option('acl-path', {
description => "Only dump this specific path, not the whole tree.",
optional => 1,
}),
},
},
returns => {
type => 'object',
description => 'Hash of structure "path" => "privilege" => "propagate boolean".',
},
code => sub {
my ($param) = @_;
my $token_subid = extract_param($param, "tokenid");
$param->{userid} = PVE::AccessControl::join_tokenid($param->{userid}, $token_subid);
return PVE::API2::AccessControl->permissions($param);
}});
our $cmddef = {
user => {
add => [ 'PVE::API2::User', 'create_user', ['userid'] ],
modify => [ 'PVE::API2::User', 'update_user', ['userid'] ],
delete => [ 'PVE::API2::User', 'delete_user', ['userid'] ],
list => [ 'PVE::API2::User', 'index', [], {}, $print_api_result, $PVE::RESTHandler::standard_output_options],
permissions => [ 'PVE::API2::AccessControl', 'permissions', ['userid'], {}, $print_perm_result, $PVE::RESTHandler::standard_output_options],
tfa => {
delete => [ 'PVE::API2::AccessControl', 'change_tfa', ['userid'], { action => 'delete', key => undef, config => undef, response => undef, }, ],
},
token => {
add => [ 'PVE::API2::User', 'generate_token', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler::standard_output_options ],
modify => [ 'PVE::API2::User', 'update_token_info', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler::standard_output_options ],
remove => [ 'PVE::API2::User', 'remove_token', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler::standard_output_options ],
list => [ 'PVE::API2::User', 'token_index', ['userid'], {}, $print_api_result, $PVE::RESTHandler::standard_output_options],
permissions => [ __PACKAGE__, 'token_permissions', ['userid', 'tokenid'], {}, $print_perm_result, $PVE::RESTHandler::standard_output_options],
}
},
group => {
add => [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
modify => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
delete => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
list => [ 'PVE::API2::Group', 'index', [], {}, $print_api_result, $PVE::RESTHandler::standard_output_options],
},
role => {
add => [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
modify => [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
delete => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],
list => [ 'PVE::API2::Role', 'index', [], {}, $print_api_result, $PVE::RESTHandler::standard_output_options],
},
acl => {
modify => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 0 }],
delete => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 1 }],
list => [ 'PVE::API2::ACL', 'read_acl', [], {}, $print_api_result, $PVE::RESTHandler::standard_output_options],
},
realm => {
add => [ 'PVE::API2::Domains', 'create', ['realm'] ],
modify => [ 'PVE::API2::Domains', 'update', ['realm'] ],
delete => [ 'PVE::API2::Domains', 'delete', ['realm'] ],
list => [ 'PVE::API2::Domains', 'index', [], {}, $print_api_result, $PVE::RESTHandler::standard_output_options],
sync => [ 'PVE::API2::Domains', 'sync', ['realm'], ],
},
ticket => [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
sub {
my ($res) = @_;
print "$res->{ticket}\n";
}],
passwd => [ 'PVE::API2::AccessControl', 'change_password', ['userid'] ],
useradd => { alias => 'user add' },
usermod => { alias => 'user modify' },
userdel => { alias => 'user delete' },
groupadd => { alias => 'group add' },
groupmod => { alias => 'group modify' },
groupdel => { alias => 'group delete' },
roleadd => { alias => 'role add' },
rolemod => { alias => 'role modify' },
roledel => { alias => 'role delete' },
aclmod => { alias => 'acl modify' },
acldel => { alias => 'acl delete' },
};
1;
Reference in New Issue View Git Blame Copy Permalink